
Certifying trust

  • Conference paper
Public Key Cryptography (PKC 1998)

Part of the book series: Lecture Notes in Computer Science (LNCS, volume 1431)

Abstract

A basic function of all signatures, digital or not, is to express trust and authority, explicit or implied. This is especially the case with digital signatures used in certificates. In this paper, we study the trust relationships expressed by the certificates used in X.509, PGP and SPKI. In particular, we present and revise the idea of a certificate loop, that is, a loop of certificates from the verifying party to the communicating peer that is requesting access or acceptance. We also show how such certificate loops can be used to explicitly express security policy decisions. At the end of the paper, we briefly describe our own SPKI implementation, which is specially tailored towards policy management. The implementation is based on Java and built using Design Patterns. It functions as a separate process, providing security services to the local kernel and applications.

Editor information

Hideki Imai, Yuliang Zheng

Copyright information

© 1998 Springer-Verlag Berlin Heidelberg

About this paper

Cite this paper

Lehti, I., Nikander, P. (1998). Certifying trust. In: Imai, H., Zheng, Y. (eds) Public Key Cryptography. PKC 1998. Lecture Notes in Computer Science, vol 1431. Springer, Berlin, Heidelberg. https://doi.org/10.1007/BFb0054017

  • DOI: https://doi.org/10.1007/BFb0054017

  • Publisher Name: Springer, Berlin, Heidelberg

  • Print ISBN: 978-3-540-64693-8

  • Online ISBN: 978-3-540-69105-1

  • eBook Packages: Springer Book Archive
